infosecn1nja
/
HELK
mirror of https://github.com/infosecn1nja/HELK.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

logstash plugin updates for 7.5.2

updates_os_and_scripts
neu5ron 2020-01-21 18:20:37 -05:00
parent f337515af1
commit 20b25fad27
8 changed files with 1012 additions and 155 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
docker/helk-logstash/plugins/Gemfile Normal file
View File

@ -0,0 +1,131 @@
# This is a Logstash generated Gemfile.
# If you modify this file manually all comments and formatting will be lost.
source "https://rubygems.org"
gem "logstash-core", :path => "./logstash-core"
gem "logstash-core-plugin-api", :path => "./logstash-core-plugin-api"
gem "atomic", "~> 1"
gem "builder", "~> 3"
gem "json", "~> 1.8.3"
gem "paquet", "~> 0.2"
gem "pleaserun", "~>0.0.28"
gem "rake", "~> 12"
gem "ruby-progressbar", "~> 1"
gem "logstash-output-elasticsearch"
gem "childprocess", "~> 0.9", :group => :build
gem "fpm", "~> 1.3.3", :group => :build
gem "gems", "~> 1", :group => :build
gem "octokit", "~> 4", :group => :build
gem "rubyzip", "~> 1", :group => :build
gem "stud", "~> 0.0.22", :group => :build
gem "belzebuth", :group => :development
gem "benchmark-ips", :group => :development
gem "ci_reporter_rspec", "~> 1", :group => :development
gem "flores", "~> 0.0.6", :group => :development
gem "json-schema", "~> 2", :group => :development
gem "logstash-devutils", "~> 1", :group => :development
gem "rack-test", :require => "rack/test", :group => :development
gem "rspec", "~> 3.5", :group => :development
gem "webmock", "~> 3", :group => :development
gem "logstash-codec-avro"
gem "logstash-codec-cef"
gem "logstash-codec-collectd"
gem "logstash-codec-dots"
gem "logstash-codec-edn"
gem "logstash-codec-edn_lines"
gem "logstash-codec-es_bulk"
gem "logstash-codec-fluent"
gem "logstash-codec-json"
gem "logstash-codec-json_lines"
gem "logstash-codec-line"
gem "logstash-codec-msgpack"
gem "logstash-codec-multiline"
gem "logstash-codec-netflow"
gem "logstash-codec-plain"
gem "logstash-codec-rubydebug"
gem "logstash-filter-aggregate"
gem "logstash-filter-anonymize"
gem "logstash-filter-cidr"
gem "logstash-filter-clone"
gem "logstash-filter-csv"
gem "logstash-filter-date"
gem "logstash-filter-de_dot"
gem "logstash-filter-dissect"
gem "logstash-filter-dns"
gem "logstash-filter-drop"
gem "logstash-filter-elasticsearch"
gem "logstash-filter-fingerprint"
gem "logstash-filter-geoip"
gem "logstash-filter-grok"
gem "logstash-filter-http"
gem "logstash-filter-jdbc_static"
gem "logstash-filter-jdbc_streaming"
gem "logstash-filter-json"
gem "logstash-filter-kv"
gem "logstash-filter-memcached"
gem "logstash-filter-metrics"
gem "logstash-filter-mutate"
gem "logstash-filter-prune"
gem "logstash-filter-ruby"
gem "logstash-filter-sleep"
gem "logstash-filter-split"
gem "logstash-filter-syslog_pri"
gem "logstash-filter-throttle"
gem "logstash-filter-translate"
gem "logstash-filter-truncate"
gem "logstash-filter-urldecode"
gem "logstash-filter-useragent"
gem "logstash-filter-uuid"
gem "logstash-filter-xml"
gem "logstash-input-azure_event_hubs"
gem "logstash-input-beats"
gem "logstash-input-dead_letter_queue"
gem "logstash-input-elasticsearch"
gem "logstash-input-exec"
gem "logstash-input-file"
gem "logstash-input-generator"
gem "logstash-input-heartbeat"
gem "logstash-input-http"
gem "logstash-input-http_poller"
gem "logstash-input-jdbc"
gem "logstash-input-jms"
gem "logstash-input-pipe"
gem "logstash-input-redis"
gem "logstash-input-s3"
gem "logstash-input-snmp"
gem "logstash-input-snmptrap"
gem "logstash-input-sqs"
gem "logstash-input-stdin"
gem "logstash-input-syslog"
gem "logstash-input-tcp"
gem "logstash-input-udp"
gem "logstash-input-unix"
gem "logstash-integration-kafka"
gem "logstash-integration-rabbitmq"
gem "logstash-output-csv"
gem "logstash-output-elastic_app_search"
gem "logstash-output-email"
gem "logstash-output-file"
gem "logstash-output-http"
gem "logstash-output-lumberjack"
gem "logstash-output-null"
gem "logstash-output-pipe"
gem "logstash-output-redis"
gem "logstash-output-s3"
gem "logstash-output-sns"
gem "logstash-output-sqs"
gem "logstash-output-stdout"
gem "logstash-output-tcp"
gem "logstash-output-udp"
gem "logstash-codec-gzip_lines"
gem "logstash-codec-nmap"
gem "logstash-codec-protobuf"
gem "logstash-filter-alter"
gem "logstash-filter-bytes"
gem "logstash-filter-cipher"
gem "logstash-filter-i18n"
gem "logstash-filter-json_encode"
gem "logstash-filter-metricize"
gem "logstash-input-lumberjack"
gem "logstash-input-wmi"
gem "logstash-output-syslog"

747
docker/helk-logstash/plugins/Gemfile.lock Normal file
View File

@ -0,0 +1,747 @@
PATH
remote: logstash-core-plugin-api
specs:
logstash-core-plugin-api (2.1.16-java)
logstash-core (= 7.5.2)
PATH
remote: logstash-core
specs:
logstash-core (7.5.2-java)
chronic_duration (~> 0.10)
clamp (~> 0.6)
concurrent-ruby (~> 1)
elasticsearch (~> 5)
filesize (~> 0.2)
gems (~> 1)
i18n (~> 1)
jrjackson (= 0.4.11)
jruby-openssl (~> 0.10)
manticore (~> 0.6)
minitar (~> 0.8)
pry (~> 0.12)
puma (~> 2)
rack (~> 1, >= 1.6.11)
rubyzip (~> 1)
sinatra (~> 1, >= 1.4.6)
stud (~> 0.0.19)
thread_safe (~> 0.3.6)
treetop (~> 1)
GEM
remote: https://rubygems.org/
specs:
addressable (2.7.0)
public_suffix (>= 2.0.2, < 5.0)
arr-pm (0.0.10)
cabin (> 0)
atomic (1.1.101-java)
avl_tree (1.2.1)
atomic (~> 1.1)
avro (1.9.1)
multi_json
awesome_print (1.7.0)
aws-eventstream (1.0.3)
aws-sdk (2.11.434)
aws-sdk-resources (= 2.11.434)
aws-sdk-core (2.11.434)
aws-sigv4 (~> 1.0)
jmespath (~> 1.0)
aws-sdk-resources (2.11.434)
aws-sdk-core (= 2.11.434)
aws-sdk-v1 (1.67.0)
json (~> 1.4)
nokogiri (~> 1)
aws-sigv4 (1.1.0)
aws-eventstream (~> 1.0, >= 1.0.2)
back_pressure (1.0.0)
backports (3.15.0)
belzebuth (0.2.3)
childprocess
benchmark-ips (2.7.2)
bindata (2.4.4)
builder (3.2.4)
cabin (0.9.0)
childprocess (0.9.0)
ffi (~> 1.0, >= 1.0.11)
chronic_duration (0.10.6)
numerizer (~> 0.1.1)
ci_reporter (2.0.0)
builder (>= 2.1.2)
ci_reporter_rspec (1.0.0)
ci_reporter (~> 2.0)
rspec (>= 2.14, < 4)
clamp (0.6.5)
coderay (1.1.2)
concurrent-ruby (1.1.5)
crack (0.4.3)
safe_yaml (~> 1.0.0)
dalli (2.7.10)
diff-lcs (1.3)
dotenv (2.7.5)
edn (1.1.1)
elasticsearch (5.0.5)
elasticsearch-api (= 5.0.5)
elasticsearch-transport (= 5.0.5)
elasticsearch-api (5.0.5)
multi_json
elasticsearch-transport (5.0.5)
faraday
multi_json
faraday (0.15.4)
multipart-post (>= 1.2, < 3)
ffi (1.12.1-java)
filesize (0.2.0)
fivemat (1.3.7)
flores (0.0.7)
fpm (1.3.3)
arr-pm (~> 0.0.9)
backports (>= 2.6.2)
cabin (>= 0.6.0)
childprocess
clamp (~> 0.6)
ffi
json (>= 1.7.7)
gem_publisher (1.5.0)
gems (1.2.0)
gene_pool (1.5.0)
concurrent-ruby (>= 1.0)
google-protobuf (3.5.0.pre-java)
hashdiff (1.0.0)
hitimes (1.3.1-java)
i18n (1.8.2)
concurrent-ruby (~> 1.0)
insist (1.0.0)
jar-dependencies (0.4.0)
jls-grok (0.11.5)
cabin (>= 0.6.0)
jls-lumberjack (0.0.26)
concurrent-ruby
jmespath (1.4.0)
jrjackson (0.4.11-java)
jruby-jms (1.3.0-java)
gene_pool
semantic_logger
jruby-openssl (0.10.2-java)
jruby-stdin-channel (0.2.0-java)
jruby-win32ole (0.8.5)
json (1.8.6-java)
json-schema (2.8.1)
addressable (>= 2.4)
kramdown (1.14.0)
logstash-codec-avro (3.2.3-java)
avro
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-codec-cef (6.1.0-java)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-codec-collectd (3.0.8)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-codec-dots (3.0.6)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-codec-edn (3.0.6)
edn
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-codec-edn_lines (3.0.6)
edn
logstash-codec-line
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-codec-es_bulk (3.0.8)
logstash-codec-line
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-codec-fluent (3.3.0-java)
logstash-core-plugin-api (>= 1.60, <= 2.99)
msgpack (~> 1.1)
logstash-codec-gzip_lines (3.0.4)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-codec-json (3.0.5)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-codec-json_lines (3.0.6)
logstash-codec-line (>= 2.1.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-codec-line (3.0.8)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-codec-msgpack (3.0.7-java)
logstash-core-plugin-api (>= 1.60, <= 2.99)
msgpack (~> 1.1)
logstash-codec-multiline (3.0.10)
jls-grok (~> 0.11.1)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-patterns-core
logstash-codec-netflow (4.2.1)
bindata (>= 1.5.0)
logstash-core-plugin-api (~> 2.0)
logstash-codec-nmap (0.0.21)
logstash-core-plugin-api (>= 1.60, <= 2.99)
ruby-nmap (~> 0.8.0)
logstash-codec-plain (3.0.6)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-codec-protobuf (1.2.2)
google-protobuf (= 3.5.0.pre)
logstash-core-plugin-api (>= 1.60, <= 2.99)
ruby-protocol-buffers
logstash-codec-rubydebug (3.0.6)
awesome_print (= 1.7.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-devutils (1.3.6-java)
fivemat
gem_publisher
insist (= 1.0.0)
kramdown (= 1.14.0)
logstash-core-plugin-api (>= 2.0, <= 2.99)
minitar
rake
rspec (~> 3.0)
rspec-wait
stud (>= 0.0.20)
logstash-filter-aggregate (2.9.1)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-alter (3.0.3)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-anonymize (3.0.6)
logstash-core-plugin-api (>= 1.60, <= 2.99)
murmurhash3
logstash-filter-bytes (1.0.2)
logstash-core-plugin-api (~> 2.0)
logstash-filter-cidr (3.1.3-java)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-cipher (4.0.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-clone (4.0.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-csv (3.0.10)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-date (3.1.9)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-de_dot (1.0.4)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-dissect (1.2.0)
jar-dependencies
logstash-core-plugin-api (>= 2.1.1, <= 2.99)
logstash-filter-dns (3.1.3)
logstash-core-plugin-api (>= 1.60, <= 2.99)
lru_redux (~> 1.1.0)
logstash-filter-drop (3.0.5)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-elasticsearch (3.7.0)
elasticsearch (>= 5.0.3)
logstash-core-plugin-api (>= 1.60, <= 2.99)
manticore (~> 0.6)
logstash-filter-fingerprint (3.2.1)
logstash-core-plugin-api (>= 1.60, <= 2.99)
murmurhash3
logstash-filter-geoip (6.0.3-java)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-grok (4.2.0)
jls-grok (~> 0.11.3)
logstash-core (>= 5.6.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-patterns-core
stud (~> 0.0.22)
logstash-filter-http (1.0.2)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-mixin-http_client (>= 5.0.0, < 9.0.0)
logstash-filter-i18n (3.0.3-java)
i18n (>= 0.6.6)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-jdbc_static (1.1.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
rufus-scheduler (< 3.5)
sequel
tzinfo
tzinfo-data
logstash-filter-jdbc_streaming (1.0.10)
logstash-core-plugin-api (>= 1.60, <= 2.99)
lru_redux
sequel
logstash-filter-json (3.1.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-json_encode (3.0.3-java)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-kv (4.4.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-memcached (1.0.1)
dalli (~> 2.7)
logstash-core-plugin-api (~> 2.0)
logstash-filter-metricize (3.0.3-java)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-metrics (4.0.6)
logstash-core-plugin-api (>= 1.60, <= 2.99)
metriks
thread_safe
logstash-filter-mutate (3.5.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-prune (3.0.4)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-ruby (3.1.5)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-sleep (3.0.6)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-split (3.1.8)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-syslog_pri (3.0.5)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-throttle (4.0.4)
atomic
logstash-core-plugin-api (>= 1.60, <= 2.99)
thread_safe
logstash-filter-translate (3.2.3)
logstash-core-plugin-api (>= 1.60, <= 2.99)
rufus-scheduler
logstash-filter-truncate (1.0.4)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-urldecode (3.0.6)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-useragent (3.2.4-java)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-uuid (3.0.5)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-xml (4.0.7)
logstash-core-plugin-api (>= 1.60, <= 2.99)
nokogiri
xml-simple
logstash-input-azure_event_hubs (1.1.2)
logstash-codec-json
logstash-codec-plain
logstash-core-plugin-api (~> 2.0)
stud (>= 0.0.22)
logstash-input-beats (6.0.5-java)
concurrent-ruby (~> 1.0)
jar-dependencies (~> 0.3, >= 0.3.4)
logstash-codec-multiline (>= 2.0.5)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
thread_safe (~> 0.3.5)
logstash-input-dead_letter_queue (1.1.5)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-input-elasticsearch (4.5.0)
elasticsearch (>= 5.0.3)
faraday (~> 0.15.4)
logstash-codec-json
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
manticore (~> 0.6)
rufus-scheduler
sequel
tzinfo
tzinfo-data
logstash-input-exec (3.3.3)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
rufus-scheduler
stud (~> 0.0.22)
logstash-input-file (4.1.13)
addressable
logstash-codec-multiline (~> 3.0)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-input-generator (3.0.6)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-input-heartbeat (3.0.7)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
stud
logstash-input-http (3.3.2-java)
jar-dependencies (~> 0.3, >= 0.3.4)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-input-http_poller (5.0.1)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-mixin-http_client (~> 7)
rufus-scheduler (~> 3.0.9)
stud (~> 0.0.22)
logstash-input-jdbc (4.3.19)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
rufus-scheduler
sequel
tzinfo
tzinfo-data
logstash-input-jms (3.1.2-java)
jruby-jms (>= 1.2.0)
logstash-codec-json (~> 3.0)
logstash-codec-plain (~> 3.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
semantic_logger (< 4.0.0)
logstash-input-lumberjack (3.1.6)
concurrent-ruby
jls-lumberjack (~> 0.0.26)
logstash-codec-multiline (~> 3.0)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-input-pipe (3.0.7)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
stud (~> 0.0.22)
logstash-input-redis (3.5.0)
logstash-codec-json
logstash-core-plugin-api (>= 1.60, <= 2.99)
redis (~> 4)
logstash-input-s3 (3.4.1)
logstash-core-plugin-api (>= 2.1.12, <= 2.99)
logstash-mixin-aws (>= 4.3.0)
stud (~> 0.0.18)
logstash-input-snmp (1.2.1)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
stud (>= 0.0.22, < 0.1.0)
logstash-input-snmptrap (3.0.6)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
snmp
logstash-input-sqs (3.1.2)
logstash-codec-json
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-mixin-aws (>= 4.3.0)
logstash-input-stdin (3.2.6)
concurrent-ruby
jruby-stdin-channel
logstash-codec-line
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-input-syslog (3.4.1)
concurrent-ruby
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-date
logstash-filter-grok
stud (>= 0.0.22, < 0.1.0)
thread_safe
logstash-input-tcp (6.0.3-java)
logstash-codec-json
logstash-codec-json_lines
logstash-codec-line
logstash-codec-multiline
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-input-udp (3.3.4)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
stud (~> 0.0.22)
logstash-input-unix (3.0.7)
logstash-codec-line
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-input-wmi (3.0.4-java)
jruby-win32ole
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-integration-kafka (10.0.0-java)
logstash-codec-json
logstash-codec-plain
logstash-core (>= 6.5.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
stud (>= 0.0.22, < 0.1.0)
logstash-integration-rabbitmq (7.0.2-java)
back_pressure (~> 1.0)
logstash-codec-json
logstash-core (>= 6.5.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
march_hare (~> 4.0)
stud (~> 0.0.22)
logstash-mixin-aws (4.3.0)
aws-sdk (~> 2)
aws-sdk-v1 (>= 1.61.0)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-mixin-http_client (7.0.0)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
manticore (>= 0.5.2, < 1.0.0)
logstash-output-csv (3.0.8)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-filter-json
logstash-input-generator
logstash-output-file
logstash-output-elastic_app_search (1.0.0)
logstash-codec-plain
logstash-core-plugin-api (~> 2.0)
logstash-output-elasticsearch (10.3.1-java)
cabin (~> 0.6)
logstash-core-plugin-api (>= 1.60, <= 2.99)
manticore (>= 0.5.4, < 1.0.0)
stud (~> 0.0, >= 0.0.17)
logstash-output-email (4.1.1)
logstash-core-plugin-api (>= 1.60, <= 2.99)
mail (~> 2.6.3)
mime-types (< 3)
mustache (>= 0.99.8)
logstash-output-file (4.2.6)
logstash-codec-json_lines
logstash-codec-line
logstash-core-plugin-api (>= 2.0.0, < 2.99)
logstash-output-http (5.2.4)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-mixin-http_client (>= 6.0.0, < 8.0.0)
logstash-output-lumberjack (3.1.7)
jls-lumberjack (>= 0.0.26)
logstash-core-plugin-api (>= 1.60, <= 2.99)
stud
logstash-output-null (3.0.5)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-output-pipe (3.0.6)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-output-redis (5.0.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
redis (~> 4)
stud
logstash-output-s3 (4.2.0)
concurrent-ruby
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-mixin-aws (>= 4.3.0)
stud (~> 0.0.22)
logstash-output-sns (4.0.7)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-mixin-aws (>= 1.0.0)
logstash-output-sqs (6.0.0)
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-mixin-aws (>= 4.3.0)
logstash-output-stdout (3.1.4)
logstash-codec-rubydebug
logstash-core-plugin-api (>= 1.60.1, < 2.99)
logstash-output-syslog (3.0.5)
logstash-codec-plain
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-output-tcp (6.0.0)
logstash-codec-json
logstash-core-plugin-api (>= 1.60, <= 2.99)
stud
logstash-output-udp (3.1.0)
logstash-codec-json
logstash-core-plugin-api (>= 1.60, <= 2.99)
logstash-patterns-core (4.1.2)
logstash-core-plugin-api (>= 1.60, <= 2.99)
lru_redux (1.1.0)
mail (2.6.6)
mime-types (>= 1.16, < 4)
manticore (0.6.4-java)
openssl_pkcs8_pure
march_hare (4.1.1-java)
method_source (0.9.2)
metriks (0.9.9.8)
atomic (~> 1.0)
avl_tree (~> 1.2.0)
hitimes (~> 1.1)
mime-types (2.99.3)
minitar (0.9)
msgpack (1.3.1-java)
multi_json (1.14.1)
multipart-post (2.1.1)
murmurhash3 (0.1.6-java)
mustache (0.99.8)
nokogiri (1.10.7-java)
numerizer (0.1.1)
octokit (4.14.0)
sawyer (~> 0.8.0, >= 0.5.3)
openssl_pkcs8_pure (0.0.0.2)
paquet (0.2.1)
pleaserun (0.0.30)
cabin (> 0)
clamp
dotenv
insist
mustache (= 0.99.8)
stud
polyglot (0.3.5)
pry (0.12.2-java)
coderay (~> 1.1.0)
method_source (~> 0.9.0)
spoon (~> 0.0)
public_suffix (4.0.3)
puma (2.16.0-java)
rack (1.6.12)
rack-protection (1.5.5)
rack
rack-test (1.1.0)
rack (>= 1.0, < 3)
rake (12.3.3)
redis (4.1.3)
rprogram (0.3.2)
rspec (3.9.0)
rspec-core (~> 3.9.0)
rspec-expectations (~> 3.9.0)
rspec-mocks (~> 3.9.0)
rspec-core (3.9.1)
rspec-support (~> 3.9.1)
rspec-expectations (3.9.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.9.0)
rspec-mocks (3.9.1)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.9.0)
rspec-support (3.9.2)
rspec-wait (0.0.9)
rspec (>= 3, < 4)
ruby-nmap (0.8.0)
nokogiri (~> 1.3)
rprogram (~> 0.3)
ruby-progressbar (1.10.1)
ruby-protocol-buffers (1.6.1)
rubyzip (1.3.0)
rufus-scheduler (3.0.9)
tzinfo
safe_yaml (1.0.5)
sawyer (0.8.2)
addressable (>= 2.3.5)
faraday (> 0.8, < 2.0)
semantic_logger (3.4.1)
concurrent-ruby (~> 1.0)
sequel (5.28.0)
sinatra (1.4.8)
rack (~> 1.5)
rack-protection (~> 1.4)
tilt (>= 1.3, < 3)
snmp (1.3.2)
spoon (0.0.6)
ffi
stud (0.0.23)
thread_safe (0.3.6-java)
tilt (2.0.10)
treetop (1.6.10)
polyglot (~> 0.3)
tzinfo (2.0.1)
concurrent-ruby (~> 1.0)
tzinfo-data (1.2019.3)
tzinfo (>= 1.0.0)
webmock (3.7.6)
addressable (>= 2.3.6)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
xml-simple (1.1.5)
PLATFORMS
java
DEPENDENCIES
atomic (~> 1)
belzebuth
benchmark-ips
builder (~> 3)
childprocess (~> 0.9)
ci_reporter_rspec (~> 1)
flores (~> 0.0.6)
fpm (~> 1.3.3)
gems (~> 1)
json (~> 1.8.3)
json-schema (~> 2)
logstash-codec-avro
logstash-codec-cef
logstash-codec-collectd
logstash-codec-dots
logstash-codec-edn
logstash-codec-edn_lines
logstash-codec-es_bulk
logstash-codec-fluent
logstash-codec-gzip_lines
logstash-codec-json
logstash-codec-json_lines
logstash-codec-line
logstash-codec-msgpack
logstash-codec-multiline
logstash-codec-netflow
logstash-codec-nmap
logstash-codec-plain
logstash-codec-protobuf
logstash-codec-rubydebug
logstash-core!
logstash-core-plugin-api!
logstash-devutils (~> 1)
logstash-filter-aggregate
logstash-filter-alter
logstash-filter-anonymize
logstash-filter-bytes
logstash-filter-cidr
logstash-filter-cipher
logstash-filter-clone
logstash-filter-csv
logstash-filter-date
logstash-filter-de_dot
logstash-filter-dissect
logstash-filter-dns
logstash-filter-drop
logstash-filter-elasticsearch
logstash-filter-fingerprint
logstash-filter-geoip
logstash-filter-grok
logstash-filter-http
logstash-filter-i18n
logstash-filter-jdbc_static
logstash-filter-jdbc_streaming
logstash-filter-json
logstash-filter-json_encode
logstash-filter-kv
logstash-filter-memcached
logstash-filter-metricize
logstash-filter-metrics
logstash-filter-mutate
logstash-filter-prune
logstash-filter-ruby
logstash-filter-sleep
logstash-filter-split
logstash-filter-syslog_pri
logstash-filter-throttle
logstash-filter-translate
logstash-filter-truncate
logstash-filter-urldecode
logstash-filter-useragent
logstash-filter-uuid
logstash-filter-xml
logstash-input-azure_event_hubs
logstash-input-beats
logstash-input-dead_letter_queue
logstash-input-elasticsearch
logstash-input-exec
logstash-input-file
logstash-input-generator
logstash-input-heartbeat
logstash-input-http
logstash-input-http_poller
logstash-input-jdbc
logstash-input-jms
logstash-input-lumberjack
logstash-input-pipe
logstash-input-redis
logstash-input-s3
logstash-input-snmp
logstash-input-snmptrap
logstash-input-sqs
logstash-input-stdin
logstash-input-syslog
logstash-input-tcp
logstash-input-udp
logstash-input-unix
logstash-input-wmi
logstash-integration-kafka
logstash-integration-rabbitmq
logstash-output-csv
logstash-output-elastic_app_search
logstash-output-elasticsearch
logstash-output-email
logstash-output-file
logstash-output-http
logstash-output-lumberjack
logstash-output-null
logstash-output-pipe
logstash-output-redis
logstash-output-s3
logstash-output-sns
logstash-output-sqs
logstash-output-stdout
logstash-output-syslog
logstash-output-tcp
logstash-output-udp
octokit (~> 4)
paquet (~> 0.2)
pleaserun (~> 0.0.28)
rack-test
rake (~> 12)
rspec (~> 3.5)
ruby-progressbar (~> 1)
rubyzip (~> 1)
stud (~> 0.0.22)
webmock (~> 3)
BUNDLED WITH
1.17.3

279
docker/helk-logstash/plugins/README.md
View File

@ -2,154 +2,133 @@
**Make sure to use a standalone version of logstash aka the zip/tar.gz version.** **Make sure to use a standalone version of logstash aka the zip/tar.gz version.**
1) Using the standalone version of logstash, change into its directory 1. Update existing plugins
```bash
./bin/logstash-plugin update
```
1. Using the standalone version of logstash, change into its directory
```bash
cd logstash-standalone/
```
1. Remove some unnecessary plugins
```bash
./bin/logstash-plugin remove logstash-input-couchdb_changes &&
./bin/logstash-plugin remove logstash-input-gelf &&
./bin/logstash-plugin remove logstash-input-ganglia &&
./bin/logstash-plugin remove logstash-input-graphite &&
./bin/logstash-plugin remove logstash-input-imap &&
./bin/logstash-plugin remove logstash-input-twitter &&
./bin/logstash-plugin remove logstash-output-cloudwatch &&
./bin/logstash-plugin remove logstash-output-graphite &&
./bin/logstash-plugin remove logstash-output-nagios &&
./bin/logstash-plugin remove logstash-output-webhdfs &&
./bin/logstash-plugin remove logstash-codec-graphite
```
1. Install the logstash codec plugins
```bash
./bin/logstash-plugin install logstash-codec-avro &&
./bin/logstash-plugin install logstash-codec-es_bulk &&
./bin/logstash-plugin install logstash-codec-cef &&
./bin/logstash-plugin install logstash-codec-gzip_lines &&
./bin/logstash-plugin install logstash-codec-json &&
./bin/logstash-plugin install logstash-codec-json_lines &&
./bin/logstash-plugin install logstash-codec-netflow &&
./bin/logstash-plugin install logstash-codec-nmap &&
./bin/logstash-plugin install logstash-codec-protobuf
```
1. Install the logstash filter plugins
```bash
./bin/logstash-plugin install logstash-filter-alter &&
./bin/logstash-plugin install logstash-filter-bytes &&
./bin/logstash-plugin install logstash-filter-cidr &&
./bin/logstash-plugin install logstash-filter-cipher &&
./bin/logstash-plugin install logstash-filter-clone &&
./bin/logstash-plugin install logstash-filter-csv &&
./bin/logstash-plugin install logstash-filter-de_dot &&
./bin/logstash-plugin install logstash-filter-dissect &&
./bin/logstash-plugin install logstash-filter-dns &&
./bin/logstash-plugin install logstash-filter-elasticsearch &&
./bin/logstash-plugin install logstash-filter-fingerprint &&
./bin/logstash-plugin install logstash-filter-geoip &&
./bin/logstash-plugin install logstash-filter-i18n &&
./bin/logstash-plugin install logstash-filter-jdbc_static &&
./bin/logstash-plugin install logstash-filter-jdbc_streaming &&
./bin/logstash-plugin install logstash-filter-json &&
./bin/logstash-plugin install logstash-filter-json_encode &&
./bin/logstash-plugin install logstash-filter-kv &&
./bin/logstash-plugin install logstash-filter-memcached &&
./bin/logstash-plugin install logstash-filter-metricize &&
./bin/logstash-plugin install logstash-filter-prune &&
./bin/logstash-plugin install logstash-filter-translate &&
./bin/logstash-plugin install logstash-filter-urldecode &&
./bin/logstash-plugin install logstash-filter-useragent &&
./bin/logstash-plugin install logstash-filter-xml
```
1. Install the logstash integration plugins
```bash
./bin/logstash-plugin install logstash-integration-kafka &&
./bin/logstash-plugin install logstash-integration-rabbitmq
```
1. Install the logstash input plugins
```bash
./bin/logstash-plugin install logstash-input-beats &&
./bin/logstash-plugin install logstash-input-elasticsearch &&
./bin/logstash-plugin install logstash-input-file &&
./bin/logstash-plugin install logstash-input-jdbc &&
./bin/logstash-plugin install logstash-input-lumberjack &&
./bin/logstash-plugin install logstash-input-snmp &&
./bin/logstash-plugin install logstash-input-snmptrap &&
./bin/logstash-plugin install logstash-input-syslog &&
./bin/logstash-plugin install logstash-input-tcp &&
./bin/logstash-plugin install logstash-input-udp &&
./bin/logstash-plugin install logstash-input-wmi
```
1. Install the logstash output plugins
```bash
./bin/logstash-plugin install logstash-output-csv &&
./bin/logstash-plugin install logstash-output-elasticsearch &&
./bin/logstash-plugin install logstash-output-email &&
./bin/logstash-plugin install logstash-output-lumberjack &&
./bin/logstash-plugin install logstash-output-nagios &&
./bin/logstash-plugin install logstash-output-stdout &&
./bin/logstash-plugin install logstash-output-syslog &&
./bin/logstash-plugin install logstash-output-tcp &&
./bin/logstash-plugin install logstash-output-udp
```
1. Update the plugins... again...
```bash
./bin/logstash-plugin update
```
1. Remove some unnecessary plugins, again yes
```bash
./bin/logstash-plugin remove logstash-codec-graphite 2> /dev/null;
./bin/logstash-plugin remove logstash-input-couchdb_changes 2> /dev/null;
./bin/logstash-plugin remove logstash-input-gelf 2> /dev/null;
./bin/logstash-plugin remove logstash-input-ganglia 2> /dev/null;
./bin/logstash-plugin remove logstash-input-graphite 2> /dev/null;
./bin/logstash-plugin remove logstash-input-imap 2> /dev/null;
./bin/logstash-plugin remove logstash-input-twitter 2> /dev/null;
./bin/logstash-plugin remove logstash-output-cloudwatch 2> /dev/null;
./bin/logstash-plugin remove logstash-output-graphite 2> /dev/null;
./bin/logstash-plugin remove logstash-output-nagios 2> /dev/null;
./bin/logstash-plugin remove logstash-output-webhdfs 2> /dev/null
```
1. List the plugins and corresponding versions, then add the output to [logstash-plugin-information.yml](logstash-plugin-information.yml)
```bash ```bash
cd logstash-standalone/ ./bin/logstash-plugin list --verbose
``` ```
1. Package the plugins
1) Remove some unnecessary plugins ```bash
./bin/logstash-plugin prepare-offline-pack --output helk-offline-logstash-codec_and_filter_plugins.zip --overwrite logstash-codec-* logstash-filter-* &&
```bash ./bin/logstash-plugin prepare-offline-pack --output helk-offline-logstash-input_and_output-plugins.zip --overwrite logstash-input-* logstash-output-*
./bin/logstash-plugin remove logstash-input-couchdb_changes && ```
./bin/logstash-plugin remove logstash-input-gelf && 1. Hash the packaged plugins
./bin/logstash-plugin remove logstash-input-ganglia && ```bash
./bin/logstash-plugin remove logstash-input-graphite && sha512sum helk-offline-logstash-codec_and_filter_plugins.zip > helk-offline-logstash-codec_and_filter_plugins.zip.sha512 &&
./bin/logstash-plugin remove logstash-input-imap && sha512sum helk-offline-logstash-input_and_output-plugins.zip > helk-offline-logstash-input_and_output-plugins.zip.sha512
./bin/logstash-plugin remove logstash-input-twitter && ```
./bin/logstash-plugin remove logstash-output-cloudwatch && 2. Move the plugins and files, via your preferred method, to `HELK/docker/helk-logstash/plugins/`
./bin/logstash-plugin remove logstash-output-graphite && ```bash
./bin/logstash-plugin remove logstash-output-nagios && cp helk-offline* Gemfile Gemfile.lock HELK/docker/helk-logstash/plugins/
./bin/logstash-plugin remove logstash-output-rabbitmq && ```
./bin/logstash-plugin remove logstash-output-webhdfs &&
./bin/logstash-plugin remove logstash-codec-graphite
```
2) Install the logstash codec plugins
```bash
./bin/logstash-plugin install logstash-codec-avro &&
./bin/logstash-plugin install logstash-codec-es_bulk &&
./bin/logstash-plugin install logstash-codec-cef &&
./bin/logstash-plugin install logstash-codec-gzip_lines &&
./bin/logstash-plugin install logstash-codec-json &&
./bin/logstash-plugin install logstash-codec-json_lines &&
./bin/logstash-plugin install logstash-codec-netflow &&
./bin/logstash-plugin install logstash-codec-nmap &&
./bin/logstash-plugin install logstash-codec-protobuf
```
3) Install the logstash filter plugins
```bash
./bin/logstash-plugin install logstash-filter-alter &&
./bin/logstash-plugin install logstash-filter-bytes &&
./bin/logstash-plugin install logstash-filter-cidr &&
./bin/logstash-plugin install logstash-filter-cipher &&
./bin/logstash-plugin install logstash-filter-clone &&
./bin/logstash-plugin install logstash-filter-csv &&
./bin/logstash-plugin install logstash-filter-de_dot &&
./bin/logstash-plugin install logstash-filter-dissect &&
./bin/logstash-plugin install logstash-filter-dns &&
./bin/logstash-plugin install logstash-filter-elasticsearch &&
./bin/logstash-plugin install logstash-filter-fingerprint &&
./bin/logstash-plugin install logstash-filter-geoip &&
./bin/logstash-plugin install logstash-filter-i18n &&
./bin/logstash-plugin install logstash-filter-jdbc_static &&
./bin/logstash-plugin install logstash-filter-jdbc_streaming &&
./bin/logstash-plugin install logstash-filter-json &&
./bin/logstash-plugin install logstash-filter-json_encode &&
./bin/logstash-plugin install logstash-filter-kv &&
./bin/logstash-plugin install logstash-filter-memcached &&
./bin/logstash-plugin install logstash-filter-metricize &&
./bin/logstash-plugin install logstash-filter-prune &&
./bin/logstash-plugin install logstash-filter-translate &&
./bin/logstash-plugin install logstash-filter-urldecode &&
./bin/logstash-plugin install logstash-filter-useragent &&
./bin/logstash-plugin install logstash-filter-xml
```
4) Install the logstash input plugins
```bash
./bin/logstash-plugin install logstash-input-beats &&
./bin/logstash-plugin install logstash-input-elasticsearch &&
./bin/logstash-plugin install logstash-input-file &&
./bin/logstash-plugin install logstash-input-jdbc &&
./bin/logstash-plugin install logstash-input-lumberjack &&
./bin/logstash-plugin install logstash-input-snmptrap &&
./bin/logstash-plugin install logstash-input-syslog &&
./bin/logstash-plugin install logstash-input-tcp &&
./bin/logstash-plugin install logstash-input-udp &&
./bin/logstash-plugin install logstash-input-wmi
```
5) Install the logstash integration plugins
```bash
./bin/logstash-plugin install logstash-integration-kafka
```
6) Install the logstash output plugins
```bash
./bin/logstash-plugin install logstash-output-csv &&
./bin/logstash-plugin install logstash-output-elasticsearch &&
./bin/logstash-plugin install logstash-output-email &&
./bin/logstash-plugin install logstash-output-lumberjack &&
./bin/logstash-plugin install logstash-output-nagios &&
./bin/logstash-plugin install logstash-output-stdout &&
./bin/logstash-plugin install logstash-output-syslog &&
./bin/logstash-plugin install logstash-output-tcp &&
./bin/logstash-plugin install logstash-output-udp
```
7) Update the plugins... Even after you have already installed them...
```bash
./bin/logstash-plugin update
```
8) Remove some unnecessary plugins, again yes
```bash
./bin/logstash-plugin remove logstash-input-couchdb_changes;
./bin/logstash-plugin remove logstash-input-gelf;
./bin/logstash-plugin remove logstash-input-ganglia;
./bin/logstash-plugin remove logstash-input-graphite;
./bin/logstash-plugin remove logstash-input-imap;
./bin/logstash-plugin remove logstash-input-twitter;
./bin/logstash-plugin remove logstash-output-cloudwatch;
./bin/logstash-plugin remove logstash-output-graphite;
./bin/logstash-plugin remove logstash-output-nagios;
./bin/logstash-plugin remove logstash-output-rabbitmq;
./bin/logstash-plugin remove logstash-output-webhdfs;
./bin/logstash-plugin remove logstash-codec-graphite;
```
9) List the plugins and corresponding versions, then add the output to [logstash-plugin-information.yml](logstash-plugin-information.yml)
```bash
./bin/logstash-plugin list --verbose
```
10) Package the plugins
```bash
./bin/logstash-plugin prepare-offline-pack --output helk-offline-logstash-codec_and_filter_plugins.zip --overwrite logstash-codec-* logstash-filter-* &&
./bin/logstash-plugin prepare-offline-pack --output helk-offline-logstash-input_and_output-plugins.zip --overwrite logstash-input-* logstash-output-*
```
11) Hash the packaged plugins
```bash
sha512sum helk-offline-logstash-codec_and_filter_plugins.zip > helk-offline-logstash-codec_and_filter_plugins.zip.sha512 &&
sha512sum helk-offline-logstash-input_and_output-plugins.zip > helk-offline-logstash-input_and_output-plugins.zip.sha512
```
12) Set timestamp of when updated
```bash
printf "%s" "$(date +"%Y-%m-%d %T")" > helk-plugins-updated-timestamp.txt
```
13) Move the plugins and files, via your preferred method, to [this directory](.)

BIN
docker/helk-logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip
View File

Binary file not shown.

2
docker/helk-logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip.sha512
View File

@ -1 +1 @@
23a3b8d3988d5395c018c23eebcd19ed1f2fe13759e47ac6e40c552fc5738cef7afb46514f32d32060733b0b7832bc1e01ba4a2254b413361ad3c4cab41061f1 helk-offline-logstash-codec_and_filter_plugins.zip ef8e327f7b1390343ba8c917a7658e25ad4b164caa4e03d6f080f26cee31aa917253949e292305cc1262bbed70221976c21c512f01a6e52878769abf6fb26080 helk-offline-logstash-codec_and_filter_plugins.zip

BIN
docker/helk-logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip
View File

Binary file not shown.

2
docker/helk-logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip.sha512
View File

@ -1 +1 @@
e7dff9af53e69ac4d8e362d4c9343fac5d40192a3fe33207a6dc6abd7e735cc84e981973d3b8a4d2bb51e9e81a6a530639b08c0c25f306dc2cd7b8d54198acf2 helk-offline-logstash-input_and_output-plugins.zip ab93d642b2456b56de2d1dca74ad1993ff9f5f6c9bae0abc2088c3e99e3f4b89181d6ae39bf19a8ae3d702cbc3281db0de1ab84558fc9562c93f768dc5285c4f helk-offline-logstash-input_and_output-plugins.zip

6
docker/helk-logstash/plugins/logstash-plugin-information.yml
View File

@ -48,7 +48,7 @@ logstash-filter-mutate (3.5.0)
logstash-filter-prune (3.0.4) logstash-filter-prune (3.0.4)
logstash-filter-ruby (3.1.5) logstash-filter-ruby (3.1.5)
logstash-filter-sleep (3.0.6) logstash-filter-sleep (3.0.6)
logstash-filter-split (3.1.7) logstash-filter-split (3.1.8)
logstash-filter-syslog_pri (3.0.5) logstash-filter-syslog_pri (3.0.5)
logstash-filter-throttle (4.0.4) logstash-filter-throttle (4.0.4)
logstash-filter-translate (3.2.3) logstash-filter-translate (3.2.3)
@ -62,7 +62,7 @@ logstash-input-beats (6.0.5)
logstash-input-dead_letter_queue (1.1.5) logstash-input-dead_letter_queue (1.1.5)
logstash-input-elasticsearch (4.5.0) logstash-input-elasticsearch (4.5.0)
logstash-input-exec (3.3.3) logstash-input-exec (3.3.3)
logstash-input-file (4.1.12) logstash-input-file (4.1.13)
logstash-input-generator (3.0.6) logstash-input-generator (3.0.6)
logstash-input-heartbeat (3.0.7) logstash-input-heartbeat (3.0.7)
logstash-input-http (3.3.2) logstash-input-http (3.3.2)
@ -90,7 +90,7 @@ logstash-integration-rabbitmq (7.0.2)
└── logstash-output-rabbitmq └── logstash-output-rabbitmq
logstash-output-csv (3.0.8) logstash-output-csv (3.0.8)
logstash-output-elastic_app_search (1.0.0) logstash-output-elastic_app_search (1.0.0)
logstash-output-elasticsearch (10.3.0) logstash-output-elasticsearch (10.3.1)
logstash-output-email (4.1.1) logstash-output-email (4.1.1)
logstash-output-file (4.2.6) logstash-output-file (4.2.6)
logstash-output-http (5.2.4) logstash-output-http (5.2.4)